Tuesday, December 15, 2009

A telco in Brunei required our services to install and configure Sun Cluster Data Service for Oracle HA.

Fairly simple requirement ... only if all components are of the latest, I thought. But when I took a look at the BOM list, I was surprised that they are using a fairly old version of Sun Cluster 3.1. For Oracle database, they want the latest 11gR2 release though.

There isn't enough information on the Internet. Thus, we wrote in to Sun and below is the reply:

Oracle Server

8.1.6 32 & 64 bit
8.1.7 32 & 64 bit
9i 32 & 64 bit

SC 3.1, Solaris 8, 9

• Note that Oracle 8.1.x have been desupported by Oracle. However, when the customer has continuing support for Oracle 8.1.x from Oracle, Sun will continue supporting the Sun Cluster HA Oracle agent with it.

Tuesday, December 8, 2009

As I have mentioned in my previous post, I was in Bangkok last week to help in conducting a Performance Test for a Single Sign-On and Identity Management project for a local bank.

The user complained about slowness when trying to log in to Access Manager. He noticed that, at times, it takes a user 4 minutes to log in to Access Manager.

From our analysis, this only happens after a long period of inactivity on Access Manager. The cause is that idle connections are dropped by the Firewall that sits between Access Manager and Directory Server.

When a connection is dropped by the Firewall, Access Manager is not aware of it. Thus, when a user attempts to log in to Access Manager after a long period of inactivity, he will need to wait around 4 minutes. This is the approximate time Access Manager takes to wait for the TCP timeout and retry with a new connection to Directory Server.

The easiest and most commonly used technique to resolve this issue is to configure the Firewall not to drop any connection from Sun Access Manager to Sun Directory Manager. However, the customer has indicated that the Nokia Firewall cannot be configured as such.

The workaround is to set a parameter in Access Manager. This ensures that the connections from Access Manager are restarted even before the Firewall attempts to drop any inactive connection.

/**
 * The following properties can be used when a Load Balancer/Firewall
 * is in between the agents and the Directory Server and the persistent
 * search connections are dropped by them when TCP idle timeout happens.
 *
 * These properties make sure that the persistent searches restart
 * in such cases when the connections are dropped.
 *
 * The property 'com.sun.am.event.connection.idle.timeout' specifies
 * timeout value in minutes after which the persistent searches will be
 * restarted. Ideally, this value should be lower than the Load Balancer/
 * Firewall TCP timeout, to make sure that the persistent searches are
 * restarted before the connections are dropped. A value of '0' indicates
 * that these searches will not be restarted. By default the value is '0'
 * Note: only the connections that are timed out will be reset.
 */
com.sun.am.event.connection.idle.timeout=60
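The rule in that comment (the value must be non-zero and lower than the Firewall idle timeout) can be checked mechanically. The following is an added example, not part of the original post or of Access Manager; the function names, the sample file contents and the firewall timeouts of 120 and 30 minutes are assumptions made for illustration.

```python
import re

PROP = "com.sun.am.event.connection.idle.timeout"  # property named in the post

def read_idle_timeout(text):
    """Return the raw value of PROP, or "0" (the documented default) if absent."""
    value = "0"
    for raw in text.splitlines():
        line = raw.strip()
        # Skip blank lines and comments: '#', '!' and the '/* ... */' banner lines.
        if not line or line[0] in "#!/*":
            continue
        m = re.match(r"([^=:\s]+)\s*[=:]?\s*(.*)$", line)
        if m and m.group(1) == PROP:
            value = m.group(2).strip()  # last occurrence wins, as in java.util.Properties
    return value

def check_idle_timeout(text, firewall_idle_minutes):
    """Compare the restart timeout (minutes) with the firewall idle timeout (minutes)."""
    raw = read_idle_timeout(text)
    try:
        minutes = int(raw)
    except ValueError:
        return "ERROR", f"{PROP} is not an integer: {raw!r}"
    if minutes < 0:
        return "ERROR", f"{PROP} is negative: {minutes}"
    if minutes == 0:
        return "FAIL", "restart disabled (0): a dropped connection is only noticed at TCP timeout"
    if minutes >= firewall_idle_minutes:
        return "FAIL", f"{minutes} min is not below the firewall idle timeout of {firewall_idle_minutes} min"
    return "OK", f"restart after {minutes} min idle, before the {firewall_idle_minutes} min firewall timeout"

# Constructed sample file contents (not taken from a real deployment).
SAMPLE = """\
/*
 * Note: only the connections that are timed out will be reset.
 */
com.sun.am.event.connection.idle.timeout=60
"""

if __name__ == "__main__":
    # 120 and 30 are constructed firewall idle timeouts, in minutes.
    for fw in (120, 30):
        print(fw, *check_idle_timeout(SAMPLE, fw))
```

The firewall idle timeout has to come from the firewall's own configuration; the post does not state it.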